
25,000 Unix servers seized by ‘Windigo’ Trojan

25,000 Unix servers have been hijacked by the Windigo trojan horse, security experts revealed this week. Security research giants ESET, working with the Swedish National Infrastructure for Computing, have uncovered the global reach of this backdoor trojan, which has spread to take control of UNIX servers around the world.

The trojan, named ‘Windigo’, has spread like wildfire and infected victims' servers across the world. Once a server is compromised, the trojan horse allows the extraction of user credentials, mass sending of spam mail and redirection of legitimate traffic to sites containing further malware and malicious content.

The security research giants have stated that this trojan horse strain has been gaining momentum for up to years and has spread across the globe largely unnoticed. It is estimated that Windigo currently has upwards of ten thousand servers within its control, each of which has access to a multitude of further resources such as bandwidth and memory.

ESET have calculated that over half a million computers are attacked daily via the Windigo Trojan Horse.

This highly publicised attack has become known as Operation Windigo. It aims to hijack servers and infect all devices that have any connection with them, so the extent of the damage caused by this infection is currently unknown. Devices that have any kind of connection with these servers can also be compromised, with the trojan attempting to steal data from its victims. The servers are also used to redirect legitimate traffic to malicious code hosted on websites. ESET estimate that servers residing in the USA are mainly affected, with Germany, France and the UK among the European countries affected.

ESET have estimated that over 60 percent of servers across the globe operate on UNIX/Linux operating systems, and the security researchers are keen to warn system admins of the dangers to their systems if they have been compromised. A detailed technical report is available to assist admins with identifying the strain of the trojan horse and removing it appropriately. Popular operating systems such as Linux, FreeBSD, OS X and Windows are among those affected by the strain.

Administrators who find the trojan horse on their servers are advised to perform a complete wipe of the affected computers and install a fresh version of the OS. Organisations should also consider applying further controls to prevent UNIX servers from becoming infected again.